Vulnerability Note VU#542971
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
Buffer overflow vulnerabilities exist in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could execute arbitrary code or cause a denial of service on vulnerable systems.
The Domain Name System (DNS) provides name, address, and other information about Internet Protocol (IP) networks and devices. By issuing queries to and interpreting responses from DNS servers, IP-enabled network operating systems can access DNS information. When an IP network application needs to access or process DNS information, it calls functions in the stub resolver library, which may be part of the underlying network operating system. On BSD-based systems, DNS stub resolver functions are implemented in the system library libc. In ISC BIND, they are implemented in libbind. On GNU/Linux-based systems, they are implemented in glibc. The DNS resolver libraries on BSD-based systems (libc), ISC BIND (libbind), GNU/Linux (glibc), and possibly other systems that use code derived from ISC BIND contain buffer overflow vulnerabilities in the way the resolver handles DNS responses.
This document specifically addresses a buffer overflow that can occur when stub resolvers process DNS responses for network name and address resolution.
Note that any application that uses a vulnerable resolver library is likely to be affected. Applications that are statically linked must be recompiled using patched resolver libraries.
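To find the statically linked binaries that a library update alone will not fix, the following added example (not part of the original note) classifies ELF files by their program headers. It assumes the binaries are in ELF format; the function names `elf_linkage`, `make_elf64` and `needs_rebuild` are hypothetical, and the sample headers are constructed.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3
ET_EXEC, ET_DYN = 2, 3

def elf_linkage(data: bytes) -> str:
    """Classify ELF bytes: 'dynamic', 'static', 'shared-or-static-pie' or 'not-executable'."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-executable"
    end = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if e_type not in (ET_EXEC, ET_DYN):           # skip relocatable objects and core files
        return "not-executable"
    if data[4] == 2:                              # EI_CLASS 2 = ELF64
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                         # EI_CLASS 1 = ELF32
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    types = set()
    for i in range(e_phnum):                      # p_type is the first word of each entry
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break
        types.add(struct.unpack_from(end + "I", data, off)[0])
    if PT_INTERP in types:
        return "dynamic"                          # loads the installed shared library at run time
    if PT_DYNAMIC in types:
        return "shared-or-static-pie"             # no interpreter: review by hand
    return "static"                               # library code is baked in: recompile

def make_elf64(ptypes, e_type=ET_EXEC):
    """Constructed sample: minimal little-endian ELF64 header plus program headers."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    hdr += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

def needs_rebuild(path: str) -> bool:
    """True if the file at `path` is a statically linked ELF executable."""
    with open(path, "rb") as f:
        return elf_linkage(f.read()) == "static"
```

A "static" result only means the binary carries its own copy of library code; whether that copy includes the resolver still has to be confirmed against the build.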
An attacker who is able to control DNS responses could execute arbitrary code or cause a denial of service on vulnerable systems. The attacker would need to be able to spoof DNS responses or control a DNS server that provides responses to a vulnerable system. Any code executed by the attacker would run with the privileges of the process that called the vulnerable resolver function, potentially root.
Use of a local caching DNS server is not an effective workaround.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Affected | 08 Jul 2002 | 13 Aug 2002 |
| Conectiva | Affected | - | 14 Aug 2002 |
| Debian | Affected | 08 Jul 2002 | 14 Aug 2002 |
| GNU glibc | Affected | 28 Jun 2002 | 01 Aug 2002 |
| Guardian Digital | Affected | 08 Jul 2002 | 01 Aug 2002 |
| Hewlett-Packard Company | Affected | 08 Jul 2002 | 01 Aug 2002 |
| MandrakeSoft | Affected | 08 Jul 2002 | 14 Aug 2002 |
| Openwall | Affected | - | 14 Aug 2002 |
| Red Hat Inc. | Affected | 08 Jul 2002 | 01 Aug 2002 |
| Slackware | Affected | - | 13 Aug 2002 |
| SuSE Inc. | Affected | 08 Jul 2002 | 01 Aug 2002 |
| Trustix | Affected | - | 14 Aug 2002 |
| IBM | Unknown | 08 Jul 2002 | 01 Aug 2002 |
| Sequent | Unknown | 08 Jul 2002 | 01 Aug 2002 |
The CERT/CC thanks PINE-CERT for reporting this vulnerability and the GNU glibc developers for information used in this document.
This document was written by Art Manion.
- CVE IDs: CAN-2002-0684
- CERT Advisory: CA-2002-19
- Date Public: 26 Jun 2002
- Date First Published: 01 Aug 2002
- Date Last Updated: 27 Aug 2002
- Severity Metric: 29.72
- Document Revision: 34